
Here is the case: we have successfully configured SSH keys (and hence a password-less SFTP connection) between ProdServer-A and ProdServer-B. It worked, or so I thought until yesterday. Yesterday ProdServer-B failed over to DisasterServer-B. When it did, the SSH connection failed.

On ProdServer-A we get an alert saying ProdServer-B has changed (known_hosts) and it could be a "man-in-the-middle" attack (which is as expected, and we know why this is happening). So, my question is, how can we add keys from two servers (same hostname, but only one active at a time) into known_hosts?

Or even better, how can we avoid SSH connection failures when a production server fails over to the disaster server? Suggestions are welcome. Thanks!

Gilles 'SO- stop being evil'
Guru
  • There may be quite a few ways that a SSH connexion fails (mostly, due to physical network outages). Think your setup should really tolerate such disruptions (by re-establishing the link). – Deer Hunter Mar 20 '13 at 04:43

1 Answer

If DisasterServer-B is meant to function as a clone of ProdServer-B, including using the same IP address, then I think you can just duplicate the host keys from ProdServer-B to DisasterServer-B as well. One caveat is that if the private key of one is compromised, then a MITM attack could be launched against the other. But I wouldn't expect this to be a huge concern, if they contain the same data anyway.

If it is, then you may have to look into using x509 PKI.

depquid
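The answer copies one host key to both machines; the alternative the question asks about, two different keys under one hostname, also works because known_hosts may list any number of keys for a name and the OpenSSH client accepts the host if any listed key is the one offered. The following is an added illustration, not code from the question or answer: a small resolver for the known_hosts format (plain and `ssh-keygen -H` hashed names, `@revoked` markers) over constructed placeholder entries, with `SAMPLE_KNOWN_HOSTS`, `keys_for_host` and `add_host_key` as assumed names.

```python
import base64
import hashlib
import hmac
# Constructed sample known_hosts (placeholder, not real, key material): ProdServer-B
# and the DR clone that takes its name on failover share a hostname; one key is revoked.
SAMPLE_KNOWN_HOSTS = """\
ProdServer-A,10.0.0.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERkeyA/prodServerA
ProdServer-B ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERkeyB/prodServerB
ProdServer-B ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERkeyB/disasterServerB
@revoked ProdServer-B ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAPLACEHOLDER/oldRsaKey
"""

def hash_hostname(hostname, salt):
    """Build the '|1|salt|hash' form written by ssh-keygen -H: HMAC-SHA1 keyed with salt."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())

def host_matches(field, hostname):
    """Match plain or hashed patterns in a host field; wildcards and [host]:port are not handled."""
    for pattern in field.split(","):
        if pattern.startswith("|1|"):
            _, _, salt_b64, hash_b64 = pattern.split("|")
            digest = hmac.new(base64.b64decode(salt_b64), hostname.encode(), hashlib.sha1).digest()
            if hmac.compare_digest(digest, base64.b64decode(hash_b64)):
                return True
        elif pattern.lower() == hostname.lower():
            return True
    return False

def keys_for_host(known_hosts, hostname):
    """Return (marker, keytype, key) for every non-revoked line naming hostname."""
    found = []
    for line in known_hosts.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = ""
        if fields[0].startswith("@"):  # @cert-authority or @revoked
            marker, fields = fields[0], fields[1:]
        if len(fields) >= 3 and marker != "@revoked" and host_matches(fields[0], hostname):
            found.append((marker, fields[1], fields[2]))
    return found  # the client accepts the host if any one of these is the key offered

def add_host_key(known_hosts, hostname, keytype, key):
    """Append a key for hostname, keeping the ones already listed; skip exact duplicates."""
    if (keytype, key) in [(t, k) for _, t, k in keys_for_host(known_hosts, hostname)]:
        return known_hosts
    sep = "" if not known_hosts or known_hosts.endswith("\n") else "\n"
    return known_hosts + sep + "%s %s %s\n" % (hostname, keytype, key)
```

The failover caveat is the same as in the answer: every key listed for the name is trusted, so a key that leaks on either machine must be replaced (or marked `@revoked`) on every client that lists it.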